1. Field of the Invention
The present invention relates to a method and a system for mobile authentication, more specifically to a mobile authentication method and system through strengthened mutual authentication and handover security that are capable of providing an effective authentication algorithm, which takes a mutual authentication procedure for mobile stations and the mobility of a mobile station into consideration, on a mobile network.
By providing an effective and powerful authentication and security algorithm considering a variety of service scenarios, the mobile authentication system of the present invention is capable of maintaining the security against various harmful attacks.
2. Background Art
With the recent development of mobile communication technologies, the 3G service, which provides data and multimedia services as well as the voice service, is gaining popularity.
With an explosive increase of 3G service subscribers, authentication, that is, verifying whether a user is legitimately authorized, has become an increasingly important issue. At the same time, more studies have been conducted on encrypting the 3G service in order to prevent unauthorized users from receiving the service.
Generally, the authentication and security of a mobile network give a service subscriber the means of ensuring anonymity and privacy during a call, and give a mobile service provider the means of charging the correct customer.
As a part of studies on user authentication and encryption of the 3G service, the 3GPP (3rd Generation Partnership Project) Authentication and Key Agreement standard (IEEE TS 33.102) has been proposed. In addition, there have been a number of studies on the weakness of the 3GPP AKA and possible attacks against the AKA as well as methods for addressing these issues.
A Korean patent, the publication number of which is 2004-0013966, filed for application on Aug. 9, 2002, is about authentication for an electronic commerce information protection. More specifically, it discloses a method of authentication and key agreement on a mobile communication network that is suitable for efficiently performing the authentication and key agreement between a service provider and a user having a mobile station.
Although the publication number 2004-0013966 proposed an authentication mechanism utilizing an open-key-based system, this mechanism is not expansible since the widely used 3GPP AKA.
In “Security Analysis and Enhancements of 3GPP Authentication and Key Agreement Protocol” (IEEE Transactions on Wireless Communications, Vol. 4, No. 2, March 2005, Muxiang Zhang, Yuguang Fang), a possible attack scenario in 3GPP AKA and an authentication mechanism of AP-AKA, which is an authentication mechanism for addressing the pertinent attack, are disclosed.
In the above reference (“Reference [1]”, hereinafter), Zhang et al. point out a vulnerability of 3GPP AKA against a false base station, and suggest the AP-AKA as a solution for this vulnerability.
The false base station uses the vulnerability of AKA, in which the user cannot authenticate the network, to interrupt a normal authentication such that the authentication is not made on the network intended by the user, and causes the authentication to be completed in a network intended by the adversary.
Zhang identifies a redirection attack and an active attack in a corrupted network as some of the attacks made possible by the interruption of the false base station in the conventional AKA.
The redirection attack occurs when the false base station intercepts an authentication request from a mobile station in order to redirect a call to a network with a low security level or high service charges that does not perform encryption.
Therefore, through the redirection attack, not only can the false base station tap into the communication information of the mobile station, but also the false base station can reconfigure the communication route to excessively charge the mobile station.
Fundamentally, the redirection attack occurs because the mobile station is not able to authenticate the network that has transmitted the authentication request.
The active attack in a corrupted network presumes that the corrupted network, which is controlled by an adversary, has an extra copy of an authentication vector (AV) that a mobile station has already obtained.
In case a normal network transmits an authentication request message to a mobile station, the false base station obtains an AV corresponding to the mobile station from the corrupted network and transmits an element of the AV to the mobile station.
As the mobile station is unable to authenticate the network that has sent the authentication request, the mobile station re-uses the AV generated by the corrupted network. Since the AV obtained from the corrupted network is already exposed to the adversary, the adversary is able to tap the communication information of the mobile station.
In the description below, a solution suggested by Reference [1] for each of the above attack scenarios will be described in detail.
The AP-AKA, proposed through Reference [1], provides a method for addressing the redirection attack and the active attack in a corrupted network, as described above.
The AP-AKA uses IDSN to address the redirection attack. IDSN is an identifier assigned in accordance with IMSI of a mobile station in order to identify a visiting location register of a serving network (“VLR/SN”, hereinafter) that the mobile station accessed.
A home location register located in a home network (“HLR/HN”, hereinafter) receives a VAC through an authentication data request message. The VAC is obtained from the mobile station through a user data request process and includes the IDSN. The user data request process consists of a step of the VLR/SN sending a user data request message to the mobile station and a step of the mobile station sending a user data response message to the VLR/SN.
If the IDSN included in the VAC and the IDSN of the VLR/SN that sent the authentication data request message are different, the HLR/HN may determine that a redirection attack has occurred.
The AP-AKA also uses an RN (Random Number) to address the active attack in a corrupted network scenario. The RN is a random value selected by the mobile station and changes every time the VLR/SN makes an authentication request. The RN is obtained from the mobile station through the user data request process.
The RN included in an AV generated by the corrupted network can be different from the RN sent by the mobile station through the user data response message. Therefore, the mobile station can recognize that the active attack in a corrupted network has occurred, through an RNidx included in AUTH.
The mobile station can obtain the AUTH value through a user authentication request message.
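The two AP-AKA checks described above (the IDSN comparison at the HLR/HN and the RN comparison at the mobile station), as an added example that is not taken from Reference [1] or from this document. It assumes HMAC-SHA256 as a stand-in for the protocol's keyed functions, a VAC that binds RN and IDSN under a key shared by the mobile station and the HLR/HN, and an AUTH that carries RN directly in place of RNidx; all function names, message fields and identifiers are hypothetical.

```python
import hashlib, hmac, secrets

def mac(key, *fields):
    # Stand-in MAC (assumption): HMAC-SHA256 over length-prefixed fields.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def ms_user_data_response(k, idsn):
    # Mobile station: fresh RN per request, bound with the IDSN into the VAC.
    rn = secrets.token_bytes(16)
    return {"rn": rn, "idsn": idsn, "vac": mac(k, b"VAC", rn, idsn)}

def hlr_handle_request(k, resp, requesting_idsn):
    # HLR/HN: check VAC integrity, then compare its IDSN with the requester's.
    if not hmac.compare_digest(resp["vac"], mac(k, b"VAC", resp["rn"], resp["idsn"])):
        return "reject: VAC invalid", None
    if resp["idsn"] != requesting_idsn:
        return "reject: redirection suspected", None
    # AUTH carries a value tied to RN (simplified stand-in for RNidx).
    return "ok", {"rn": resp["rn"], "tag": mac(k, b"AUTH", resp["rn"])}

def ms_check_auth(k, rn_sent, auth):
    # Mobile station: AUTH must be genuine and tied to the RN of this run.
    if not hmac.compare_digest(auth["tag"], mac(k, b"AUTH", auth["rn"])):
        return "reject: AUTH invalid"
    if not hmac.compare_digest(auth["rn"], rn_sent):
        return "reject: stale authentication vector"
    return "ok"

def run_scenarios():
    k = secrets.token_bytes(32)           # constructed MS/HLR shared key
    sn_a, sn_b = b"IDSN-A", b"IDSN-B"     # constructed identifiers
    resp = ms_user_data_response(k, sn_a)
    status, auth = hlr_handle_request(k, resp, sn_a)
    honest = (status, ms_check_auth(k, resp["rn"], auth))
    # Redirection: the VAC names SN-A but the request reaches the HLR/HN from SN-B.
    redirected = hlr_handle_request(k, resp, sn_b)[0]
    # Corrupted network: an AV from the earlier run is presented in a new run.
    resp2 = ms_user_data_response(k, sn_a)
    reused = ms_check_auth(k, resp2["rn"], auth)
    return honest, redirected, reused

if __name__ == "__main__":
    print(run_scenarios())
```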
“Efficient 3GPP Authentication and Key Agreement with Robust User Privacy Protection” (IEEE Wireless Communications and Networking Conference (WCNC 2007), Wen-Shenq Juang, Jing-Lin Wu; “Reference [2]”, hereinafter) points out that the AP-AKA proposed by Reference [1] suffers from vulnerability to a location privacy attack, space overhead on the VLR and higher bandwidth consumption between the HLR and the VLR, and presents an Efficient-AKA protocol as a solution for the above three vulnerability problems.
Although the above references are the most widely studied authentication methods improved from the IEEE mobile network authentication standard of 3GPP-AKA, they are only capable of addressing the presented attack scenarios. Consequently, the disclosed authentication mechanisms are unable to effectively address a combined attack scenario.
As such, the conventional authentication methods and systems are not only vulnerable against a false base station but also have authentication flaws between networks during the transfer of user authentication information.
Therefore, not only is the conventional authentication system unable to provide a reliable authentication service, but it is also incapable of properly addressing malicious attacks by an adversary through a false base station.